Security hole in open-source Mac OS X tool

Symantec warns Apple Mac users of flaw

By Jim Dalrymple | 31 May 07

Symantec has warned Apple Mac OS X users that one of the open-source technologies included in the operating system was vulnerable to an attack. The flaw only affects users that have turned on Windows Sharing - it is off by default on Mac OS X.

According to Symantec's DeepSight Threat Analyst Team, the version of Samba (3.0.10) that ships with Mac OS X is open to the Request Multiple Heap-Based Buffer Overflow vulnerability. This issue affects all versions of Samba prior to version 3.0.25, which is currently available for download.

Symantec noted that Apple last updated Samba as part of its Security Update 2005-003.

Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. The technology allows for interoperability between Linux/Unix servers and Windows-based clients.

Symantec recommends all Mac users that require Windows Sharing update their Macs with the latest version of Samba. If that is not possible, they recommend disabling Samba completely.